TechBeat: The way of the IT pro
25 June 2015 | 0
Data availability and recovery after an issue was also probed. A quarter of respondents said that they were very confident that in the vent of a security issue in relation to personal or work data, that the data would be either available or recoverable. Nearly two thirds (65%) were somewhat confident with a relatively small one in 10 being not at all confident.
Looking further in terms of confidence in services, respondents were asked about perceptions of security of their data when using online public services, such as motor tax and revenue online. More than a third (35%) were very confident, more than half (55%) were somewhat confident, with just one 10 being not at all confident. While this is a small proportion, it is the opinion of one in 10 IT professionals.
“We were surprised,” said Larkin, “to find that 90% expressed confidence in the security of online public services. This may be reflective of the relatively small amount of publicised incidents and breaches involving public services to date. When it comes to information security in public or private service, trust needs to be earned and maintained.”
Respondents were asked if they felt they had been spending increasing amounts of time dealing with cyber and data security issues. While nearly half (49%) said they felt it was about the same, 46% said they felt they were spending more time, with just 5% saying they were spending less time.
“That 46% of organisations spend more time and resources on security issues is no surprise,” said Larkin. “The arms race across the hacker spectrum including the white hats and the black hats is continually evolving, which reinforces the fact that security is a process and not a point solution. Organisations need to stay on top of or seek outside help from experts to continually assess and improve their security posture.”
The survey asked respondents to give their best estimate over the last 12 months of the total financial cost of cybercrime and/or security breaches to their organisation, in terms of protection, response and damage. While nearly a third (32%) said that there was no cost, just over a third (37%) said there had been a cost in the range of up to €10,000. A significant 12% said the cost was in the €10,000 to €50,000 range. A further 7% said that the cost had been in the €50,000 to €100,000 range. In the €100,000 to €500,000 range was 8%, with a significant 3% in the range from €1 million to €10 million.
While these figures are a best estimate and cover protections, responses and damages, they still represent a significant cost to Irish organisations in dealing with cybercrime and security issues.
“For some organisations security spend can be perceived as expensive,” said Larkin, “and some are spending between €1 million to €10 million and upwards. Organisations that have been unfortunate enough to suffer a costly breach will tell you prevention is better than cure and investing in information security is better value for money in the long run.”